yvgude/lean-ctx v1.8.2 on GitHub

Security Fix (GitHub Issue #3)

Addresses a privacy concern where the tee_on_error feature could persist API keys, credentials, or PII in plain-text log files (~/.lean-ctx/tee/).

Changes

tee_on_error now defaults to false — opt-in instead of opt-out. Users must explicitly enable with lean-ctx config set tee_on_error true
Sensitive data masking — 7 regex patterns automatically redact before writing:
- Bearer tokens
- Authorization headers
- API keys, passwords, secrets (key=value patterns)
- AWS access keys (AKIA...)
- Private key blocks (PEM)
- GitHub tokens (ghp_, gho_, ghs_, ghu_, ghr_)
- Long hex/base64 secrets associated with key/token/secret/password fields
Auto-cleanup — Tee logs older than 24 hours are automatically deleted on next write
New CLI command — lean-ctx tee [list|clear|show <file>] to inspect and manage error logs

Defense-in-Depth

Off by default — no logs unless explicitly opted in
Redaction — sensitive patterns masked even if enabled
Retention — 24h auto-delete prevents accumulation
Management — lean-ctx tee clear for immediate cleanup

Install / Upgrade

# Homebrew
brew upgrade lean-ctx

# Cargo
cargo install lean-ctx

# Windows: download from this release

Closes #3

Full Changelog: v1.8.1...v1.8.2

yvgude/lean-ctx v1.8.2 v1.8.2 — Security: Tee Log Privacy Fix on GitHub

Security Fix (GitHub Issue #3)

Changes

Defense-in-Depth

Install / Upgrade

yvgude/lean-ctx v1.8.2
v1.8.2 — Security: Tee Log Privacy Fix

on GitHub